[jira] Updated: (DERBY-1539) As per the functional spec attached to DERBY-1330, a trigger should be dropped when a privilege required by the trigger is revoked.

[Mamta A. Satoor (JIRA)]

     [ http://issues.apache.org/jira/browse/DERBY-1539?page=all ]

Mamta A. Satoor updated DERBY-1539:
-----------------------------------

    Attachment: DERBY1539V2statDropTriggerOnRevoke.txt
                DERBY1539V2diffDropTriggerOnRevoke.txt

I am attaching a patch (DERBY1539V2diffDropTriggerOnRevoke.txt) which supports 
basic revoke functionality for triggers. If revoke statement finds a trigger 
dependent on the table/column/routine on which privilege is being revoked, the 
trigger will be dropped automatically. 

I need to further fine tune this functionality with a subsequent patch, so that 
trigger will get dropped only if it depends on the particular privilege TYPE 
that is being revoked. For eg, a trigger might just need a SELECT privilege on 
a table(and doesn't depend on other kind of privileges on that table) but with 
this patch, the trigger will drop itself even when INSERT privilege is revoked 
on that same table.

svn stat -q o/p is attached as DERBY1539V2statDropTriggerOnRevoke.txt

Following changes are included in this patch
1)Add a new invalidation action called REVOKE_PRIVILEGE in 
BasicDependencyManager and DependencyManager
2)Had to make DropTriggerConstantAction.java and one of it's methods, 
dropTriggerDescriptor, public. This was required so that 
TriggerDescriptor can call DropTriggerConstantAction.dropTriggerDescriptor when 
it gets a revoke privilege for one of the privileges that is required by the 
TriggerDescriptor. DropTriggerConstantAction and TriggerDescriptor are not in 
the same package.
3)DataDictionaryImpl - send invalidation messages when a revoke privilege is 
requested only if that privilege was really granted to that user. Currently, a 
user can revoke a privilege which was never granted. Derby will treat it as a 
no-op because there is nothing to revoke. That is why I moved the if condition 
in the patch to it's new location. With this change, invalidation will get sent 
only on the revoke privilege which revokes a granted privilege.
4)For now, let ConstraintDescriptor and ViewDescriptor ignore revoke action. 
Will get to them in subsequent patch.
5)TriggerDescriptor.java will drop the trigger if it receives the revoke 
action. This needs to be refined more in subsequent patch becasue with the 
current patch, the trigger will drop itself for any kind of privilege type 
revoke on a table. For eg, a trigger
might just need a SELECT privilege on a table but the trigger will drop itself 
when INSERT privilege is revoked on that same table.
6)Added more tests into  lang/grantRevokeDDL.sql
        1) +ve test case
        mamta1 
        create a table t11TriggerRevokeTest
        grant trigger on t11TriggerRevokeTest to mamta2
        mamta2
        create a trigger on t11TriggerRevokeTest
        mamta1
        do some dmls
        revoke trigger on t11TriggerRevokeTest from mamta2 -- this will drop 
the dependent trigger
        mamta2
        attempt to recreate trigger on t11TriggerRevokeTest will fail. 
        mamta1 
        grant trigger privilege on t11TriggerRevokeTest
        mamta2
        recreates the trigger
        mamta1
        drop t11TriggerRevokeTest -- drops dependent trigger
        2) -ve test case
        mamta1
        create a table t11TriggerRevokeTest
        grant select on t11TriggerRevokeTest to mamta2
        grant trigger on t11TriggerRevokeTest to mamta2
        mamta2
        create a trigger on t11TriggerRevokeTest
        mamta1
        do some dmls
        -- following will drop the trigger eventhough trigger does not require 
SELECT privilege
        -- This is incorrect. Will fix this in the next patch
        revoke SELECT on t11TriggerRevokeTest from mamta2 
        mamta2
        attempt to recreate trigger on t11TriggerRevokeTest will pass because 
TRIGGER privilege is still in place. 
        





> As per the functional spec attached to DERBY-1330, a trigger should be 
> dropped when a privilege required by the trigger is revoked.
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1539
>                 URL: http://issues.apache.org/jira/browse/DERBY-1539
>             Project: Derby
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 10.2.0.0
>            Reporter: Mamta A. Satoor
>         Assigned To: Mamta A. Satoor
>             Fix For: 10.2.0.0
>
>         Attachments: DERBY1539V1hashCodeEqualsDiff.txt, 
> DERBY1539V1hashCodeEqualsStat.txt, DERBY1539V2diffDropTriggerOnRevoke.txt, 
> DERBY1539V2statDropTriggerOnRevoke.txt
>
>
> A trigger tracks its privileges requirements using Derby's Dependency 
> Manager. If any one of those required privileges are revoked, the trigger 
> should be dropped automatically. 
> I am just creating a new jira entry here so it is easier to track sub items 
> of DERBY-1330. Will link this Jira entry to DERBY-1330.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira